Tackling the cyber security problem

You hear it on the news almost daily: a well-known company has been breached, often on a catastrophic scale.

Cyber security has become one of the most urgent issues facing modern businesses, with attacks increasing and affecting all kinds of organisations, and now even several governments. In the past year alone, we have seen major breaches at multinational companies such as Facebook and British Airways – firms we hoped we could trust to protect our data.

While there is still no magic formula to eradicate cyber crime, there are steps that organisations and government bodies can take, as well as things we can do individually, to help reduce risk.

Firstly, there are a number of ways businesses can protect themselves from falling victim to hackers. These include assessing the possible risks and pinpointing exactly where the threat to their company lies, and what sector of the business could be targeted. Cyber security consultancies offer services which make it possible to ‘hack’ a company’s infrastructure, enabling them to identify weaknesses and the areas most vulnerable to threats. Once identified, solutions can be put in place to strengthen systems and data.

However, businesses also need to educate employees, as they can be a vulnerability factor; 88% of UK data breaches in the last two years were caused by human error. No matter how strong your defences are, one malicious email could allow a criminal to break into your IT systems and access sensitive information, such as company files, internal communications and employees’ personal data.

To mitigate risk, businesses should make sure that all employees are aware of potential cyber security threats such as phishing emails and the use of unsecured networks. Security should be built into the culture of an organisation. Companies must have a robust security system in place, but this will become a wasted investment if companies don’t also train their staff, which means going beyond the standard PowerPoint presentations and box-ticking exercises.

So, companies are responsible for educating employees, and employees are responsible for implementing these teachings. However, should device manufacturers also take responsibility for bolstering the security of devices? California seems to think so. The proposed legislation, which if approved would come into effect in January 2020, requires connected devices to have a ‘reasonable’ security feature or features included at the point of manufacture. This means that whether the products are cars, phones or even fridges, they must come equipped with unique passwords, or a feature requiring the user to set their own unique password. Supporters of the bill say that the threat of litigation will make manufacturers quite rightly turn their attention to security. Similarly, following the introduction of the EU’s GDPR, companies now have a responsibility to ensure data protection is ‘by design and by default,’ placing further onus on device manufacturers to build security into products from the very beginning.

Initiatives such as these show that cyber security is increasingly becoming a legal issue, which may incentivise companies to take greater responsibility for data protection. However, to best mitigate risk, a three-pronged approach, where businesses, governments and individuals all play a role in tackling cybercrime, will undoubtedly be most effective.